LiveActive security incident?Get immediate response
CVE Record

CVE-2019-1901: Cisco Nexus 9000 Series ACI Mode Switch Software Link Layer Discovery Protocol Buffer Overflow Vulnerability

A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges. Note: This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be targeted to a directly connected interface. This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 13.2(7f) or any 14.x release.

HighCVSS 8.8Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

This flaw affects Cisco Nexus 9000 fabric switches running ACI mode software. A device directly connected to a switch interface could send a malicious LLDP packet that crashes the device or may run code as root. It is not exploitable through normal routed transit traffic.

Executive priority

Prioritize remediation for affected ACI fabric switches because compromise could disrupt core data center networking and may allow root-level execution. Internet-wide exposure is unlikely, but insider, colocated, or mispatched Layer 2 environments can still create meaningful risk.

Technical view

CVE-2019-1901 is a CWE-119 buffer overflow in the LLDP subsystem caused by improper validation of LLDP TLV fields. Exploitation requires adjacent network access to a directly connected interface and no authentication. Cisco lists affected ACI mode releases before 13.2(7f) and any 14.x release.

Likely exposure

Exposure is limited to Cisco Nexus 9000 Series Fabric Switches in ACI mode on affected software. Risk is highest where untrusted systems, shared cabling, labs, or partner-managed devices can connect at Layer 2 to switch interfaces.

Exploitation context

The source bundle reports no CISA KEV listing and provides no evidence of active exploitation. Attackers need adjacency, not Internet reachability. Successful exploitation could cause denial of service or potentially root-level code execution on the switch.

Researcher notes

Validation should focus on product mode, software train, and adjacency model. Do not assess this as remotely exploitable through transit traffic. The bundle does not provide exploit maturity, workaround specifics, or proof of active exploitation.

Mitigation direction

  • Inventory Cisco Nexus 9000 ACI mode fabric switches and their software versions.
  • Follow Cisco’s advisory and fixed-release guidance before scheduling upgrades.
  • Treat releases before 13.2(7f) and any 14.x release as affected per the source bundle.
  • Prioritize switches with untrusted or shared directly connected Layer 2 access.
  • Restrict unauthorized physical or Layer 2 adjacency where operationally feasible.

Validation and detection

  • Confirm whether each Nexus 9000 switch is operating in ACI mode.
  • Compare installed software against the affected ranges in the Cisco advisory.
  • Identify interfaces with directly connected untrusted, shared, or partner-managed devices.
  • Review crash, reload, or LLDP-related telemetry for unusual events.
  • Track remediation evidence with device name, version, and advisory reference.
Prepared
Confidence
high
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-119: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

Execution behavior lookup

The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2019-1901 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
8.8 (3.0)
Known Exploited
No
Published

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
8.8CVSS 3.0HighCVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H2.85.9Primary CVE score

Vulnerability scoring details

Base CVSS 3.0 score

8.8High
CVSS 3.0 vector shape for CVE-2019-1901Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
CiscoCisco NX-OS System SoftwareunspecifiedListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.